package org.globus.gsi;

import java.io.BufferedReader;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.Reader;
import java.util.StringTokenizer;
import java.util.Vector;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.globus.ftp.FileInfo;
import org.globus.util.I18n;

/* loaded from: input_file:org/globus/gsi/SigningPolicyParser.class */
public class SigningPolicyParser {
    private static I18n i18n = I18n.getI18n("org.globus.gsi.errors", SigningPolicyParser.class.getClassLoader());
    private static Log logger = LogFactory.getLog(SigningPolicyParser.class.getName());
    public static String ACCESS_ID_PREFIX = "access_id_";
    public static String ACCESS_ID_CA = "access_id_CA";
    public static String DEF_AUTH_X509 = "X509";
    public static String DEF_AUTH_GLOBUS = "globus";
    public static String POS_RIGHTS = "pos_rights";
    public static String NEG_RIGHTS = "neg_rights";
    public static String CONDITION_PREFIX = "cond_";
    public static String CONDITION_SUBJECT = "cond_subjects";
    public static String VALUE_CA_SIGN = "CA:sign";
    public static String SINGLE_CHAR = FileInfo.UNKNOWN_STRING;
    public static String WILDCARD = "*";
    public static String SINGLE_PATTERN = "[\\p{Print}\\p{Blank}]";
    public static String WILDCARD_PATTERN = SINGLE_PATTERN + "*";
    private static final char[] EMAIL_KEYWORD_1 = {'E', '='};
    private static final char[] EMAIL_KEYWORD_2 = {'E', 'm', 'a', 'i', 'l', '='};
    private static final String EMAIL_KEYWORD = "emailAddress=";

    public static SigningPolicy getPolicy(String str, String str2) throws SigningPolicyParserException {
        if (str == null || str.trim().equals("")) {
            throw new IllegalArgumentException();
        }
        logger.debug("Signing policy file name " + str + " with CA DN " + str2);
        FileReader fileReader = null;
        try {
            fileReader = new FileReader(str);
            SigningPolicy policy = getPolicy(fileReader, str2);
            policy.setFileName(str);
            logger.debug("Policy file parsing completed, policy is " + (policy == null));
            return policy;
        } catch (FileNotFoundException e) {
            if (fileReader != null) {
                try {
                    fileReader.close();
                } catch (Exception e2) {
                }
            }
            throw new SigningPolicyParserException(e.getMessage(), e);
        }
    }

    public static SigningPolicy getPolicy(Reader reader, String str) throws SigningPolicyParserException {
        BufferedReader bufferedReader = new BufferedReader(reader);
        try {
            try {
                String readLine = bufferedReader.readLine();
                while (readLine != null) {
                    String trim = readLine.trim();
                    if (isValidLine(trim)) {
                        logger.trace("Line to parse: " + trim);
                        String str2 = null;
                        if (!trim.startsWith(ACCESS_ID_PREFIX)) {
                            throw new SigningPolicyParserException(i18n.getMessage("invalidAccessId", trim));
                        }
                        logger.trace("Check if it is CA and get the DN " + trim);
                        if (trim.startsWith(ACCESS_ID_CA)) {
                            str2 = getCA(trim.substring(ACCESS_ID_CA.length(), trim.length()));
                            logger.trace("CA DN is " + str2);
                        }
                        boolean z = false;
                        if (str2 != null && equalsDN(str2, str)) {
                            z = true;
                            logger.trace("CA DN match " + str2);
                        }
                        Boolean bool = null;
                        while (true) {
                            String readLine2 = bufferedReader.readLine();
                            readLine = readLine2;
                            if (readLine2 == null) {
                                break;
                            }
                            if (isValidLine(readLine)) {
                                readLine = readLine.trim();
                                logger.trace("Line is " + readLine);
                                if (readLine.startsWith(POS_RIGHTS)) {
                                    if (Boolean.FALSE.equals(bool)) {
                                        throw new SigningPolicyParserException(i18n.getMessage("invalidPosRights", readLine));
                                    }
                                    bool = Boolean.TRUE;
                                    if (z) {
                                        logger.trace("Parse pos_rights here");
                                        z = isCASignRight(readLine.substring(POS_RIGHTS.length(), readLine.length()));
                                    }
                                } else if (readLine.startsWith(NEG_RIGHTS)) {
                                    if (Boolean.TRUE.equals(bool)) {
                                        throw new SigningPolicyParserException(i18n.getMessage("invalidNegRights", readLine));
                                    }
                                    bool = Boolean.FALSE;
                                    logger.trace("Ignore neg_rights");
                                } else if (readLine.startsWith(CONDITION_PREFIX)) {
                                    if (!Boolean.TRUE.equals(bool)) {
                                        throw new SigningPolicyParserException(i18n.getMessage("invalidRestrictions", readLine));
                                    }
                                    if (z && readLine.startsWith(CONDITION_SUBJECT)) {
                                        logger.trace("Read in subject condition.");
                                        return new SigningPolicy(str, getAllowedDNs(readLine.substring(CONDITION_SUBJECT.length(), readLine.length()), readLine));
                                    }
                                } else if (!readLine.startsWith(ACCESS_ID_PREFIX)) {
                                    throw new SigningPolicyParserException(i18n.getMessage("invalidLine", readLine));
                                }
                            }
                        }
                    } else {
                        readLine = bufferedReader.readLine();
                    }
                }
                try {
                    bufferedReader.close();
                } catch (Exception e) {
                }
                return new SigningPolicy(str);
            } catch (IOException e2) {
                throw new SigningPolicyParserException("", e2);
            }
        } finally {
            try {
                bufferedReader.close();
            } catch (Exception e3) {
            }
        }
    }

    private static boolean isValidLine(String str) throws SigningPolicyParserException {
        String trim = str.trim();
        if (trim.equals("") || trim.startsWith("#")) {
            return false;
        }
        if (new StringTokenizer(trim).countTokens() < 3) {
            throw new SigningPolicyParserException(i18n.getMessage("invalidTokens", trim));
        }
        return true;
    }

    private static Vector getAllowedDNs(String str, String str2) throws SigningPolicyParserException {
        String trim = str.trim();
        int findIndex = findIndex(trim);
        if (findIndex == -1) {
            throw new SigningPolicyParserException(i18n.getMessage("invalidTokens", trim));
        }
        if (!DEF_AUTH_GLOBUS.equals(trim.substring(0, findIndex))) {
            return null;
        }
        String trim2 = trim.substring(findIndex + 1, trim.length()).trim();
        int i = 0;
        int length = trim2.length();
        if (trim2.charAt(0) == '\'') {
            i = 0 + 1;
            int indexOf = trim2.indexOf(39, i);
            if (indexOf == -1) {
                throw new SigningPolicyParserException(i18n.getMessage("invalidSubjects", str2));
            }
            length = indexOf;
        }
        String trim3 = trim2.substring(i, length).trim();
        if (trim3.equals("")) {
            throw new SigningPolicyParserException(i18n.getMessage("emptySubjects", str2));
        }
        Vector vector = new Vector();
        int i2 = 0;
        int length2 = trim3.length();
        if (trim3.indexOf("\"") == -1) {
            vector.add(getPattern(trim3));
        } else {
            while (i2 < length2) {
                int indexOf2 = trim3.indexOf("\"", i2);
                int indexOf3 = trim3.indexOf("\"", indexOf2 + 1);
                if (indexOf3 == -1) {
                    throw new SigningPolicyParserException(i18n.getMessage("unmatchedQuotes", str2));
                }
                vector.add(getPattern(trim3.substring(indexOf2 + 1, indexOf3)));
                i2 = indexOf3 + 1;
            }
        }
        return vector;
    }

    private static boolean isCASignRight(String str) throws SigningPolicyParserException {
        String trim = str.trim();
        int findIndex = findIndex(trim);
        if (findIndex == -1) {
            throw new SigningPolicyParserException(i18n.getMessage("invalidTokens", trim));
        }
        if (!DEF_AUTH_GLOBUS.equals(trim.substring(0, findIndex))) {
            return false;
        }
        String trim2 = trim.substring(findIndex + 1, trim.length()).trim();
        return VALUE_CA_SIGN.equals(trim2.substring(0, trim2.length()));
    }

    private static String getCA(String str) throws SigningPolicyParserException {
        String substring;
        String trim = str.trim();
        int findIndex = findIndex(trim);
        if (findIndex == -1) {
            throw new SigningPolicyParserException(i18n.getMessage("invalidTokens", trim));
        }
        if (!DEF_AUTH_X509.equals(trim.substring(0, findIndex))) {
            return null;
        }
        String trim2 = trim.substring(findIndex + 1, trim.length()).trim();
        trim2.substring(0, trim2.length());
        if (trim2.charAt(0) == '\'') {
            int i = 0 + 1;
            int indexOf = trim2.indexOf(39, i + 1);
            if (indexOf == -1) {
                throw new SigningPolicyParserException(i18n.getMessage("invalidCaDN", str));
            }
            substring = trim2.substring(i, indexOf);
        } else {
            substring = trim2.substring(0, trim2.length() - 1);
        }
        return substring.trim();
    }

    public static Pattern getPattern(String str) {
        StringBuffer append;
        StringBuffer append2;
        if (str == null) {
            throw new IllegalArgumentException();
        }
        int i = 0;
        int length = str.length();
        StringBuffer stringBuffer = new StringBuffer("");
        while (i < length) {
            int indexOf = str.indexOf(WILDCARD, i);
            if (indexOf == -1) {
                indexOf = length;
                append2 = stringBuffer.append(str.substring(i, indexOf));
            } else {
                append2 = stringBuffer.append(str.substring(i, indexOf)).append(WILDCARD_PATTERN);
            }
            stringBuffer = append2;
            i = indexOf + 1;
        }
        String stringBuffer2 = stringBuffer.toString();
        int i2 = 0;
        int length2 = stringBuffer2.length();
        StringBuffer stringBuffer3 = new StringBuffer("");
        while (i2 < length2) {
            int indexOf2 = stringBuffer2.indexOf(SINGLE_CHAR, i2);
            if (indexOf2 == -1) {
                indexOf2 = length2;
                append = stringBuffer3.append(stringBuffer2.substring(i2, indexOf2));
            } else {
                append = stringBuffer3.append(stringBuffer2.substring(i2, indexOf2)).append(SINGLE_PATTERN);
            }
            stringBuffer3 = append;
            i2 = indexOf2 + 1;
        }
        String stringBuffer4 = stringBuffer3.toString();
        logger.debug("String with replaced pattern is " + stringBuffer4);
        return Pattern.compile(stringBuffer4, 2);
    }

    private static int findIndex(String str) {
        if (str == null) {
            return -1;
        }
        String trim = str.trim();
        int indexOf = trim.indexOf(" ");
        int indexOf2 = trim.indexOf("\t");
        return indexOf != -1 ? indexOf2 != -1 ? indexOf < indexOf2 ? indexOf : indexOf2 : indexOf : indexOf2;
    }

    public static boolean equalsDN(String str, String str2) {
        if (str == null && str2 == null) {
            return true;
        }
        if (str == null || str2 == null) {
            return false;
        }
        return normalizeDN(str).equals(normalizeDN(str2));
    }

    private static boolean keyWordPresent(char[] cArr, int i, char[] cArr2) {
        if (i + cArr2.length > cArr.length) {
            return false;
        }
        int i2 = 0;
        int i3 = i;
        while (i2 < cArr2.length) {
            if (cArr[i3] != cArr2[i2]) {
                return false;
            }
            i2++;
            i3++;
        }
        return true;
    }

    public static String normalizeDN(String str) {
        if (str == null) {
            return null;
        }
        char[] charArray = str.toCharArray();
        StringBuffer stringBuffer = new StringBuffer(charArray.length);
        int i = 0;
        while (i < charArray.length) {
            if (charArray[i] == '/') {
                stringBuffer.append("/");
                if (keyWordPresent(charArray, i + 1, EMAIL_KEYWORD_1)) {
                    stringBuffer.append(EMAIL_KEYWORD);
                    i += EMAIL_KEYWORD_1.length;
                } else if (keyWordPresent(charArray, i + 1, EMAIL_KEYWORD_2)) {
                    stringBuffer.append(EMAIL_KEYWORD);
                    i += EMAIL_KEYWORD_2.length;
                }
            } else {
                stringBuffer.append(charArray[i]);
            }
            i++;
        }
        return stringBuffer.toString();
    }
}
